CVE-2022-44303:
Ruby
Resque Scheduler version 1.27.4 contains a Cross-site Scripting (XSS) vulnerability identified as CVE-2022-44303. The vulnerability was discovered on October 24, 2022, by TrungVM of VietSunshine Cyber Security Services. The affected component is the Resque Scheduler application, specifically version 1.27.4 (VietSunshine Report).
The vulnerability exists in the URL path /resque/delayed/jobs/{schedulejob}?args={argsid} where an attacker can inject malicious JavaScript code through the 'schedule_job' or 'args' parameters. The injection point allows for client-side JavaScript execution when the URL is accessed by a victim (VietSunshine Report).
When successfully exploited, the vulnerability allows attackers to execute arbitrary JavaScript code in the context of the victim's browser session. This could lead to theft of sensitive information, session hijacking, or other client-side attacks (VietSunshine Report).
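A log check for the injection point described above, as an added example that is not part of the advisory or of Resque Scheduler's own code: it flags requests under /resque/delayed/jobs/ whose job name or 'args' value decodes to HTML markup. The MARKUP heuristic, the function names and the sample log lines are assumptions constructed for illustration.

```ruby
PREFIX = "/resque/delayed/jobs/"   # path from the advisory
MARKUP = /[<>]|javascript:/i       # heuristic chosen for this example (assumption)

# Percent-decode repeatedly (bounded) so double-encoded input is inspected too.
def deep_decode(value, rounds = 3)
  current = value.b
  rounds.times do
    decoded = current.tr("+", " ").gsub(/%(\h\h)/) { Regexp.last_match(1).hex.chr }
    break if decoded == current
    current = decoded
  end
  current
end

# Returns the request fields (:schedule_job, :args) that contain markup after
# decoding; [] for clean requests and for requests to other paths.
def suspicious_fields(target)
  path, query = target.split("?", 2)
  return [] unless path&.start_with?(PREFIX)
  hits = []
  hits << :schedule_job if deep_decode(path.delete_prefix(PREFIX)).match?(MARKUP)
  args = query.to_s.split("&").map { |pair| pair.partition("=") }
              .select { |key, _, _| deep_decode(key) == "args" }
              .map { |_, _, val| val }
  hits << :args if args.any? { |val| deep_decode(val).match?(MARKUP) }
  hits
end

# Constructed access-log lines (combined log format), not taken from the advisory.
SAMPLE_LOG = [
  '198.51.100.7 - - [24/Oct/2022:10:00:01 +0000] "GET /resque/delayed/jobs/MailJob?args=%5B%22user-1%22%5D HTTP/1.1" 200 812',
  '198.51.100.9 - - [24/Oct/2022:10:00:05 +0000] "GET /resque/delayed/jobs/MailJob?args=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 840',
  '198.51.100.9 - - [24/Oct/2022:10:00:09 +0000] "GET /resque/delayed/jobs/%253Csvg%253E?args=1 HTTP/1.1" 200 790',
  '198.51.100.3 - - [24/Oct/2022:10:00:12 +0000] "GET /resque/schedule HTTP/1.1" 200 1024',
].freeze

# Returns [[line_number, fields], ...] for the lines that need review.
def scan(lines)
  lines.each_with_index.filter_map do |line, i|
    target = line[/"[A-Z]+ (\S+) HTTP/, 1]
    fields = target ? suspicious_fields(target) : []
    [i + 1, fields] unless fields.empty?
  end
end

scan(SAMPLE_LOG).each { |n, fields| puts "line #{n}: markup in #{fields.join(', ')}" }
```

A hit only shows that markup was sent to the endpoint; whether it executed depends on whether the deployed version reflects the value unescaped.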